|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Sven Mueller (sven
incase.de)Date: Tue Jan 15 2002 - 12:16:40 CST
On Fri, 4 Jan 2002 14:24:30 -0700, you (Vincent Danen
<vdanenmandrakesoft.com>) wrote:
> > What is it?
>
> Added protection for your system by implementing a hefty ACL set on
> your system. Basically, it will nicely protect your system... I've
> got the kernel built and am working on a default set of ACLs to use.
>
> So far so good! Using the default ACLs that come with lids, I was
> unable to start NFS and unable to start X, so I have some work ahead
> of me. =)
I have a question to those who already use(d) LIDS:
If I understand the statements in www.lids.org/about correctly, these
patches will allow users to protect (and hide) files from being
manipulated (seen) by anyone, including root. Is this right? If so,
could I (as root/owner of the system) set up ACLs that disable some of
those "features" on my system, like making it possible to protect
files/processes against other users, including hiding them, but not
including the possibility to hide processes from (for?) root?
That is:
I would like certain features of LIDS, even including the process/file
hide features, but I don't want my users to be able to run processes
on my machine that I couldn't even see (nor kill). I also want to be
able to see any of their executable files (but don't care much for
their data files, but they should probably be visible/readable for me,
I don't want them to be doing anything illegal on my system).
cu,
sven
-- Sven Mueller Tel: +49-231-401550 Giessereistr. 11a Mobil: +49-172-2323802 D-44289 Dortmund web: http://incase.deFor help, email discuss-help
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]